DEMON

Design Methods Based on Nets

From 1989-06-19
to 1992-03-18

Project details

Total cost:

Not available

EU contribution:

Not available

Coordinated in:

Germany

Objective

The main aim of the DEMON Action was to enhance Petri-net theory and lay the foundations needed for a complete and effective design calculus for concurrent systems, to include:
-composition, refinement and abstraction techniques
-algebras and proof rules
-notions of equivalence, congruence, simulation and implementation
-associated formal verification techniques such as structural analysis or state-space analysis.

The theoretical enhancements will support modular system construction and the refinement of high-level designs. In this way, the existing frequent use of Petri-nets as a graphical and analytical tool in the early stages of the design of individual parts of concurrent systems can be extended to include and integrate formal methods for all stages and aspects of the specification, construction and analysis of concurrent systems.

In order to ensure the correct and efficient functioning of concurrent systems, effective formal reasoning is indispensable during their design. Suitable formalisms should provide appropriate means to facilitate such reasoning. Petri net theory provides a mature formalism capable of describing concurrency. The research undertook the foundation work needed for the eventual development of an effective design calculus for concurrent systems based on this formalism. The envisaged calculus comprises structuring techniques, proof techniques, appropriate notions of equivalence and implementation, and analysis techniques.

APPROACH AND METHODS

The approach involved research directly concerning the appropriate net-theoretical notions, in particular relating to modularity, and their interplay with concurrency semantics. This research was complemented by:
-An attempt to combine the advantages of Petri-net theory with those of other approaches to concurrency theory that are more strongly compositionally oriented.
-An attempt to bridge the wide gap between existing formal methods and the actual design of large concurrent systems.

In this way the Action examined and strengthened the existing (and already rather tight) links between the Petri-net model and other models of concurrency. Furthermore, a selection of specification and implementation methods that are in actual use were investigated. To round off the work, a number of case studies were investigated to test the usefulness of the approach.

PROGRESS AND RESULTS

-Foundational work: DEMON has contributed to the development of a unified semantics of concurrency. In particular, strong relationships between transition systems and elementary Petri nets have been detected. Trace theory has been generalised for Petri nets and has been extended to the infinite case.
-Analysis techniques: The relationship between structure and behaviour has been extensively studied. As a result, fast algorithms have been developed to check properties such as deadlock-freeness or reachability. Most recently, fast model checking algorithms have been developed and proved.
-Calculus: A Petri-net-based algebra has been defined featuring action refinement, general recursion, priorities and other operators. A corresponding semantic domain using a restricted version of high-level nets has been defined, and a fully compositional semantics given. The algebra features multilabels, by which multiway communications can be built up gradually, allowing atomic actions and shared data as well as channel communication to be handled compositionally. Its operational and denotational semantics have been given, and several case studies have been done. A large subset of occam-2 has been given a Petri net semantics using the calculus.
-Structuring and equivalences: Results on property preservation can be divided into two groups: equivalence preservation (i.e. two coarse models with the same behaviour are expected to have the same behaviour after being refined in the same way) and behaviour preservation (i.e. the coarse and the refined system models are expected to have the same behaviour).
-Specification: A general class of high-level Petri nets which allow the syntactic manipulation of properties (algebraic nets) has been defined. Its use for the specification and the proof of case studies has been demonstrated; the case studies include fully symmetric distributed termination and a general mutual exclusion algorithm. Algebraic nets have been linked to object-oriented languages such as OBJ, and given a distributed semantics.
-Proof techniques: A UNITY-style logic based on partial orders is under construction for algebraic nets. The calculus is being provided with inference rules, the usefulness of which has been demonstrated in the proof of a triply modular redundancy system.

POTENTIAL

The development of a new concurrent programming notation with traditional syntax and Petri net semantics is within reach. Forging existing Petri net tools (for instance, concerning state-space reduction) to fit a package including this language or occam is possible. The development of a modular design and verification package and the standardisation of the formal concurrency semantics of occam-2 can be envisaged as spin-off projects. The fast algorithms on property and model checking developed in DEMON are ready to be implemented.